Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-15299

Опубликовано: 27 сент. 2017
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.

A vulnerability was found in the key management subsystem of the Linux kernel. An update on an uninstantiated key could cause a kernel panic, leading to denial of service (DoS).

Отчет

This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5 and 6, as the code with the flaw is not present in the products listed. This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2. Future updates for the respective releases may address this issue.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5kernelNot affected
Red Hat Enterprise Linux 6kernelNot affected
Red Hat Enterprise Linux 7kernelAffected
Red Hat Enterprise Linux 7kernel-rtAffected
Red Hat Enterprise MRG 2realtime-kernelAffected
Red Hat Enterprise Linux 7kernel-altFixedRHSA-2018:065410.04.2018

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-476
https://bugzilla.redhat.com/show_bug.cgi?id=1498016kernel: Incorrect updates of uninstantiated keys crash the kernel

EPSS

Процентиль: 1%
0.00011
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-15299

CVSS3: 5.5
ubuntu
больше 7 лет назад

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.

nvd логотип

CVE-2017-15299

CVSS3: 5.5
nvd
больше 7 лет назад

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.

debian логотип

CVE-2017-15299

CVSS3: 5.5
debian
больше 7 лет назад

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use o ...

github логотип

GHSA-87f2-g6cv-pjh2

CVSS3: 5.5
github
около 3 лет назад

The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.

fstec логотип

BDU:2023-07687

CVSS3: 5.5
fstec
больше 7 лет назад

Уязвимость подсистемы KEYS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 1%
0.00011
Низкий

5.5 Medium

CVSS3

Уязвимость CVE-2017-15299